[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Jailkit-users] How-to: Using chroot jails for egress filtering with ipt
[Jailkit-users] How-to: Using chroot jails for egress filtering with iptables and jailkit
Tue, 15 Mar 2011 07:17:09 -0500
Been messing around with jailkit over the weekend and ended up posting a lengthy tutorial on how to using jailkit to securely use certain applications on a machine with a default outbound drop iptables firewall.
I use rtorrent as an example because there is no way to predict the outbound ports connections it needs to make.
Basically it shows how to set up jailkit with an rtorrent user and then use iptables to allow the necessary port exceptions based on user matching.
This allows you to enjoy the security benefits of egress filtering and still run certain applications that don't do outbound connections in a predictable manner.
While rtorrent is the example, this could be used for numerous applications including a host of penetration testing tools (nmap, etc) as well other p2p programs.
Id appreciate any feedback any of you have, especially if there are certain things I could/should be doing better/differently.
Anyways, heres the link (its actually my first blog tutorial):
I hope someone here may find it useful and see how jailkit can be used in a wider security strategy.
Also, thanks to the devs for such great work. Once I got a decent grasp on how to use jailkit, I was really surprised at how easy it is to set it all up.
|[Prev in Thread]
||[Next in Thread]|
- [Jailkit-users] How-to: Using chroot jails for egress filtering with iptables and jailkit,
s r <=